"Debugging or Monitoring tool detected"

GreyShaddow · 17.06.2011, 19:11

Code:

ATTFilter

ComboFix 11-06-16.02 - *Name* 17.06.2011  19:40:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2662 [GMT 2:00]
ausgeführt von:: d:\users\*Name*\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*Name*\AppData\Local\lame_enc.dll
c:\users\*Name*\AppData\Local\no23xwrapper.dll
c:\users\*Name*\AppData\Local\ogg.dll
c:\users\*Name*\AppData\Local\vorbis.dll
c:\users\*Name*\AppData\Local\vorbisenc.dll
c:\users\*Name*\AppData\Local\vorbisfile.dll
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-17 bis 2011-06-17  ))))))))))))))))))))))))))))))
.
.
2011-06-17 17:43 . 2011-06-17 17:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-06-17 17:43 . 2011-06-17 17:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-17 07:14 . 2011-05-09 22:00	8718160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A92FC07-4767-4A69-8B3A-1EA540C30933}\mpengine.dll
2011-06-16 17:00 . 2011-06-17 06:55	43520	----a-w-	c:\windows\SysWow64\CmdLineExt03.dll
2011-06-16 12:14 . 2011-06-16 12:14	--------	d-----w-	c:\users\*Name*\AppData\Roaming\Malwarebytes
2011-06-16 12:14 . 2011-05-29 07:11	39984	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-16 12:14 . 2011-06-16 12:14	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-16 12:14 . 2011-05-29 07:11	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-15 17:20 . 2011-04-25 05:33	1923968	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-15 17:20 . 2011-04-25 02:34	499200	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-15 17:20 . 2011-04-27 02:40	158208	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 17:20 . 2011-04-27 02:39	289280	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 17:20 . 2011-04-27 02:39	128000	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 17:20 . 2011-05-28 03:06	3135488	----a-w-	c:\windows\system32\win32k.sys
2011-06-15 17:20 . 2011-04-29 03:06	467456	----a-w-	c:\windows\system32\drivers\srv.sys
2011-06-15 17:20 . 2011-04-29 03:05	410112	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-15 17:20 . 2011-04-29 03:05	168448	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-15 17:20 . 2011-02-25 06:22	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-15 17:20 . 2011-02-25 05:34	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-06-15 17:20 . 2011-05-03 05:29	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-15 17:20 . 2011-05-03 04:30	741376	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-05-28 12:57 . 2011-06-17 07:24	--------	d-----w-	c:\users\*Name*\AppData\Roaming\go
2011-05-28 12:57 . 2011-06-17 07:24	--------	d-----w-	c:\programdata\Easybits GO
2011-05-27 20:07 . 2011-06-16 21:25	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-05-25 19:55 . 2011-04-22 22:15	27520	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-05-19 13:22 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2011-05-19 13:22 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 21:41 . 2011-05-16 21:09	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-10 21:31 . 2011-05-10 21:31	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-28 20:07 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-28 20:07 . 2009-08-18 10:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-23 23:20 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-04-23 23:20 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-04-21 16:08 . 2011-04-21 16:08	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-21 16:08 . 2011-04-21 16:08	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-04-21 16:08 . 2011-04-21 16:08	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-04-21 16:08 . 2011-04-21 16:08	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-04-21 16:08 . 2011-04-21 16:08	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-21 16:08 . 2011-04-21 16:08	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-04-21 16:08 . 2011-04-21 16:08	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-04-21 16:08 . 2011-04-21 16:08	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-04-21 16:08 . 2011-04-21 16:08	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-04-21 16:08 . 2011-04-21 16:08	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-04-21 16:08 . 2011-04-21 16:08	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-04-21 16:08 . 2011-04-21 16:08	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-04-21 16:08 . 2011-04-21 16:08	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-04-21 16:08 . 2011-04-21 16:08	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-04-21 16:08 . 2011-04-21 16:08	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-04-21 16:08 . 2011-04-21 16:08	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-04-21 16:08 . 2011-04-21 16:08	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-04-21 16:08 . 2011-04-21 16:08	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-04-21 16:08 . 2011-04-21 16:08	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-04-21 16:08 . 2011-04-21 16:08	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-04-21 16:08 . 2011-04-21 16:08	222208	----a-w-	c:\windows\system32\msls31.dll
2011-04-21 16:08 . 2011-04-21 16:08	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-04-21 16:08 . 2011-04-21 16:08	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-04-21 16:08 . 2011-04-21 16:08	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-04-21 16:08 . 2011-04-21 16:08	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-04-21 16:08 . 2011-04-21 16:08	12288	----a-w-	c:\windows\system32\mshta.exe
2011-04-21 16:08 . 2011-04-21 16:08	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-04-21 16:08 . 2011-04-21 16:08	114176	----a-w-	c:\windows\system32\admparse.dll
2011-04-21 16:08 . 2011-04-21 16:08	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-04-21 16:08 . 2011-04-21 16:08	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-04-21 16:08 . 2011-04-21 16:08	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-04-21 16:08 . 2011-04-21 16:08	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-04-21 16:08 . 2011-04-21 16:08	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-04-21 16:08 . 2011-04-21 16:08	448512	----a-w-	c:\windows\system32\html.iec
2011-04-21 16:08 . 2011-04-21 16:08	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-04-21 16:08 . 2011-04-21 16:08	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-04-21 16:08 . 2011-04-21 16:08	160256	----a-w-	c:\windows\system32\wextract.exe
2011-04-21 16:08 . 2011-04-21 16:08	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2011-04-13 13:04 . 2011-04-13 13:04	45432	----a-w-	c:\windows\system32\drivers\point64.sys
2011-04-13 13:04 . 2011-04-13 13:04	1721576	----a-w-	c:\windows\system32\wdfcoinstaller01009.dll
2011-04-09 16:55 . 2011-04-09 16:55	15453336	----a-w-	c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55	13642904	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-11 13:22	5562240	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-11 13:22	3967872	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 13:22	3912576	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-04-08 21:00 . 2011-04-08 21:00	464896	----a-w-	c:\windows\system32\ipcoin815.dll
2011-04-08 05:14 . 2011-04-20 08:34	67176	----a-w-	c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-20 08:34	6299752	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-04-20 08:34	57960	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-04-08 05:14 . 2011-04-20 08:34	6974056	----a-w-	c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-20 08:34	5183080	----a-w-	c:\windows\SysWow64\nvcuda.dll
2011-04-08 05:14 . 2011-04-20 08:34	2893416	----a-w-	c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-20 08:34	2765928	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2011-04-08 05:14 . 2011-04-20 08:34	2204264	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-20 08:34	2074216	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-20 08:34	20700264	----a-w-	c:\windows\system32\nvoglv64.dll
2011-04-08 05:14 . 2011-04-20 08:34	1619048	----a-w-	c:\windows\system32\nvdispco6420140.dll
2011-04-08 05:14 . 2011-04-20 08:34	15227496	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2011-04-08 05:14 . 2011-04-20 08:34	1404008	----a-w-	c:\windows\system32\nvgenco642060.dll
2011-04-08 05:14 . 2011-04-20 08:34	13262184	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-20 08:34	12934248	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2011-04-20 08:34	10071656	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2011-04-20 08:34	18578536	----a-w-	c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-20 08:34	13007464	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2011-04-08 05:14 . 2010-03-30 12:47	2034280	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2009-12-24 23:27	2273896	----a-w-	c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2009-07-13 21:59	8411752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-04-07 21:19 . 2011-04-07 21:19	2582120	----a-w-	c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19	117864	----a-w-	c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19	1012328	----a-w-	c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19	797288	----a-w-	c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19	6338152	----a-w-	c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18	3041384	----a-w-	c:\windows\system32\nvsvc64.dll
2011-04-06 14:26 . 2011-04-06 14:26	96544	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26	119584	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-03-31 15:50 . 2009-12-24 23:08	466520	----a-w-	c:\windows\system32\wrap_oal.dll
2011-03-31 15:50 . 2009-12-24 23:08	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2011-03-31 15:50 . 2009-12-24 23:08	123480	----a-w-	c:\windows\system32\OpenAL32.dll
2011-03-31 15:50 . 2009-12-24 23:08	109144	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2011-03-25 03:29 . 2011-05-11 13:22	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-11 13:22	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-11 13:22	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-11 13:22	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-11 13:22	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:28 . 2011-05-11 13:22	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2006-05-03 10:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="d:\program files (x86)\Vtune\TBPanel.exe" [2009-10-05 2158592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"VolPanel"="d:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Ai Nap"="d:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="d:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"Cpu Level Up help"="d:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files (x86)\Hama\Common\RaUI.exe [2011-2-11 1085440]
Secunia PSI Tray.lnk - d:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\*Name*\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\*Name*\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-01-31 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-24 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WinRing0_1_1_1;WinRing0_1_1_1;d:\users\*Name*\Documents\C2DtoG15 1.1.0.0\WinRing0x64.sys [2009-12-24 13520]
R3 zlportio;zlportio;d:\program files (x86)\UltraStar\zlportio.sys [2001-09-22 4016]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;d:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 Secunia Update Agent;Secunia Update Agent;d:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\*Name*\AppData\Roaming\Mozilla\Firefox\Profiles\cwqoodar.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: RSS Ticker: {1f91cde0-c040-11da-a94d-0800200c9a66} - %profile%\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-3685093448.fuse.fender.com - c:\program files (x86)\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe
AddRemove-GeoGebra - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-491705904-157319923-2715609677-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-491705904-157319923-2715609677-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,85,c5,80,be,73,17,86,04,ce,4f,76,6e,33,23,97,35,d8,6d,2a,c1,
   75,e4,bb,6b,72,53,a3,0d,38,fe,05,b7,0e,69,a4,6a,ac,3f,d1,8a,ba,20,cc,4b,06,\
"rkeysecu"=hex:71,b7,99,c2,05,76,27,fa,01,d6,47,19,65,aa,0f,32
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
d:\avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
d:\program files (x86)\FileZilla Server\FileZilla Server.exe
d:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-17  19:48:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-17 17:48
.
Vor Suchlauf: 11 Verzeichnis(se), 271.349.092.352 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 270.935.191.552 Bytes frei
.
- - End Of File - - 2D4FA710197AAFA1AE29A239BC2ED3DB

"Debugging or Monitoring tool detected"

Log-Analyse und Auswertung: "Debugging or Monitoring tool detected"

"Debugging or Monitoring tool detected"

Ähnliche Themen: "Debugging or Monitoring tool detected"